× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6b6e451c0b452a5211462a187c4fa35c47273666508543d0ae96269a3cac9625
File name: toward.exe
Detection ratio: 34 / 47
Analysis date: 2013-09-24 06:22:14 UTC ( 6 months, 4 weeks ago )
Antivirus Result Update
AVG PSW.Generic11.CLFW 20130922
Agnitum TrojanSpy.Zbot!RwGwvkaH6Tk 20130922
AhnLab-V3 Trojan/Win32.Zbot 20130923
AntiVir TR/Spy.ZBot.ppnc 20130923
Antiy-AVL Trojan/Win32.Zbot 20130923
Avast Win32:Malware-gen 20130923
Baidu-International Trojan-Spy.Win32.Zbot.ppnc 20130923
BitDefender Trojan.GenericKDV.1252688 20130923
Bkav HW32.Laneul.yeeg 20130921
Commtouch W32/Backdoor.JCPW-1733 20130923
Comodo TrojWare.Win32.ZBot.AWS 20130923
DrWeb Trojan.PWS.Panda.4379 20130923
ESET-NOD32 Win32/Spy.Zbot.AAU 20130924
Emsisoft Trojan.GenericKDV.1252688 (B) 20130923
Fortinet W32/Zbot.PPNC!tr 20130923
GData Trojan.GenericKDV.1252688 20130923
Ikarus Trojan-Spy.Win32.Zbot 20130923
K7AntiVirus Trojan 20130920
Kaspersky Trojan-Spy.Win32.Zbot.ppnc 20130923
Kingsoft Win32.Troj.Agent.k.(kcloud) 20130829
Malwarebytes Spyware.Zbot.ED 20130923
McAfee PWS-Zbot-FBBA!5CB9893095F6 20130924
McAfee-GW-Edition PWS-Zbot-FBBA!5CB9893095F6 20130924
MicroWorld-eScan Trojan.GenericKDV.1252688 20130924
Microsoft PWS:Win32/Zbot 20130924
Norman ZBot.NCXM 20130923
Panda Generic Malware 20130924
Sophos Mal/Generic-S 20130924
Symantec Trojan.Zbot 20130924
TheHacker Trojan/Spy.Zbot.aau 20130924
TrendMicro TSPY_ZBOT.UFY 20130924
TrendMicro-HouseCall TROJ_GEN.R0CBH0AID13 20130923
VBA32 TrojanSpy.Zbot 20130923
VIPRE Trojan.Win32.Generic!BT 20130923
ByteHero 20130919
CAT-QuickHeal 20130924
ClamAV 20130923
F-Prot 20130923
Jiangmin 20130903
K7GW 20130920
NANO-Antivirus 20130923
PCTools 20130924
Rising 20130924
SUPERAntiSpyware 20130924
TotalDefense 20130924
ViRobot 20130923
nProtect 20130924
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
Authenticode signature block
Copyright
© Cost Corporation. All rights reserved.

Publisher Cost Corp.
Product Cost Manyhappen
Version 8.0.764.515
Original name toward.exe
Internal name toward.exe
File version 8.0.764.515
Description Cost Manyhappen
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-09 08:22:17
Entry Point 0x000078DE
Number of sections 4
PE sections
PE imports
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetLocaleInfoW
GetConsoleCP
HeapDestroy
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetUserDefaultLCID
WriteConsoleW
GetWindowsDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
SetStdHandle
CreateMutexA
SetFilePointer
RaiseException
CreateFileA
WideCharToMultiByte
TlsFree
GetModuleHandleA
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
GetOEMCP
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualFree
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
GetConsoleOutputCP
ExitProcess
PrepareTape
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
Number of PE resources by type
BIN 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
Compressed bundles
File identification
MD5 5cb9893095f6087fe741853213f244e8
SHA1 570444f8fcb54e82d85a52a949c1223dfe3d81d4
SHA256 6b6e451c0b452a5211462a187c4fa35c47273666508543d0ae96269a3cac9625
ssdeep
12288:9Gz785QM5ky6f0vceiIOlEWssI5TORMmOFPb1Q07gWCnO9aWAfI3FMV+:9GH6QyZvcfICEWssI5stOZb1Q07gWCO

File size 466.0 KB ( 477184 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.4%)
Win32 Dynamic Link Library (generic) (13.5%)
Win32 Executable (generic) (9.3%)
Win16/32 Executable Delphi generic (4.2%)
Generic Win/DOS Executable (4.1%)
Tags
peexe

VirusTotal metadata
First submission 2013-09-09 11:32:29 UTC ( 7 months, 1 week ago )
Last submission 2013-09-22 07:07:01 UTC ( 7 months ago )
File names about.exe
14912340
kfqrsapbsfmoufwlhmf.bfg
14912341
calc.exe
6b6e451c0b452a5211462a187c4fa35c47273666508543d0ae96269a3cac9625
5_ms.download
5cb9893095f6087fe741853213f244e8
output.14912341.txt
output.14912340.txt
readme.exe
contacts.ex
toward.exe
5CB9893095F6087FE741853213F244E8.exe
contacts.exe
info.exe
wgadqppskichnowkwap.bfg
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications